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(57) Abstract 

The present invention relates to electronic monetary systems in general, and in particular to measures for making their use easier 
for an average user. The present invention is based on the idea that the use of electronic money is greatly simplified for a non-expert 
user, if the Internet Service Provider of the user takes care of the payments, and adds corresponding charges on the user's telephone bill. 
Such functionality requires the intervention of the ISP in the transmissions between a user and a third party, i.e. intercepting the electronic 
payment requests sent by a merchant. According to the present invention, the ISP uses electronic money on behalf of the user, and charges 
the payments on the user's telephone bill. The ISP can take care of all technical details necessary for obtaining different forms of electronic 
money in a centralized manner, and all users of the ISP can use the electronic money obtained by the ISP simply by allowing the ISP to 
add corresponding charges to their telephone bills. Further, the ISP can obtain all major forms of electronic money, whereafter a user can 
choose the most economical way of payment, if a merchant accepts payments in more than one form of electronic money. 
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METHOD AND SYSTEM FOR PERFORMING ELECTRONIC MONEY 
TRANSACTIONS 

BACKGROUND OF THE INVENTION 

5 

The present invention relates to electronic monetary systems in general, and in 
particular to measures for making their use easier for an average user. 

A conventional Internet Service Provider (ISP) system is shown in Figure 1. The 

10 basic duty of an ISP is to transfer data from one network such as the Internet to 

another network such as the conventional telephone network, and vice versa. A user 
can connect to the Internet network 116 using his computer 100 arid modem 102 via 
the conventional telephone network, represented in Figure 1 by the user's local 
telephone exchange 104, and via the ISP system 105. A conventional ISP system 

15 105 comprises a Call Control Point 106, which receives the calls and directs them to 
terminal servers 1 12. The terminal servers 1 12 basically convert the data signals 
from the form used in the conventional telephone network to the form used in the 
network 1 16 to which the ISP system 105 is connected to, and vice versa. A typical 
ISP system 105 further comprises a router 1 14, which receives the data signals from 

20 terminal servers 1 12 and sends them to the network 1 16, and conversely, receives 
data signals from the network 1 16, and based on the destination addresses given in 
the data signals, forwards each signal to the correct terminal server 1 12. A typical 
ISP system 105 also comprises a proxy 1 18, which functions as an intermediary 
between the users of the ISP and third parties in the network 1 16. A proxy typically 

25 caches in its mass memory most recent documents, which the users of the ISP 

retrieve from the network. If a user transmits a request for a document which had 
recently been accessed from the ISP and is therefore cached in the memory of the 
proxy, the proxy sends the user a copy of the document from its memory, in order to 
reduce the load on the network 116 and speed up the service perceived by the user. 

30 

The data signals are transferred in the Internet with TCP/IP protocol, which is 
described in detail in the standards RFC 791 and RFC 793. World Wide Web 
(WWW) documents can be accessed on WWW servers in the Internet with the help 
of the HTTP protocol, which defines among others, a standard format for requesting 
35 a certain document on a given WWW server. Version 1.0 of the HTTP protocol is 
defined in the standard RFC 1945. The TCP/IP protocol and the HTTP protocol are 
both well known to the man skilled in the art, and do not require further elaboration. 
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Figure 2 shows the configuration of a second. type.of telephone network service • 

Z£T ***** 2 1 ° ^ ** ~ " -to.at^ dering 

ervices. Ftgure 2 shows an example, how an Intelligent Network (IN) complian 
telephone exchange can be used to produce an automated service ThV 
* system 210 comprises an IN-compliant Service ^ ~™ 

Serv,ce Control Point (SCP) 1 JO which controls the SSP i«H * a * u 

pressing the number keys on his telephone, while the SCP * 

SSSassS&SSSsS" 

Several versions of electronic money are available or under development todav An 

Z£T majOT ;7 ions of electronic money is «*» - *• cov~l 

etaed h, ,„ tHe June 1996 issue Qf , he ByK J ^ 

can ob«a,n electrons cash from a provider of e,ec.ro„ic cash, which g veX user 
electron* symbols representing the amount of money paid by the use The „ 
typically stores these symbols in his con.pu.er with L t^Z^ZL 
program, and uses the symbols later for navmon. nf • c 'ecironic wallet 

merchant can send the received symbols ,o Che provider of electronic cash 1 
change mem to real money. Such an electronic monetary system is described 
deta.1 in, for example, the European patent application EP « 298 Z m 
references contained therein. An electronic monetary system based on me use of 
c ed,t cards or „ k e means of payment is currently being developed Cmajo credit 
card compames. One similar credit card based system is described ST' 

Common to all current electronic monetary systems is that they are cumbcome 

from the user's pom. of the view. The user must firs, ob.ai„ 

before betng able .„ pay for services or merchandise over a communica IT " 

ntust ob,ai„ an e.ecronic ide„.i„ca.i<,„ ^S^ES^^C^" 
owner and user of his credit card. rightful 
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These requirements cause a burden on the user,, and requires the average user to 

know about the details of various forms of electronic money and learn how to obtain 
and use such electronic money. The symbols representing the electronic money are 
typically stored on the hard disk of the user's computer, and are vulnerable 16 
5 accidental erasure or malfunction of the hard disk. Therefore, the user should take 
good care of the electronic cash, and take backup copies of the symbols representing 
the money. Although electronic monetary systems provide for replacement of 
accidentally lost electronic money, the replacement procedure is a burden on the 
user. Further, since there are more than one type of electronic money being 
1 0 developed, the user needs to obtain all major types of electronic money if he desires 
not to be limited in his buying choices, since it is very probable that all merchants 
will not accept all forms of electronic money. 

SUMMARY OF THE INVENTION 

15 

An object of the invention is to make it easy for a user to pay with electronic money. 
A further object of the invention is to allow a user to pay with electronic money 
without requiring him to obtain any electronic money himself. A still ftirther object 
of the invention is to implement a system, with which Internet Service Providers and 
20 like services can provide an easy way of using electronic money for their users. 

These aims will be reached by adding an intercepting means and electronic wallet 
means to an ISP system, and arranging the system to 

- optionally initiate the payment procedure on the request of the user, 

25 - intercept and redirect to the electronic wallet means an incoming payment request 
addressed to a user* 

- add a charge corresponding to the requested amount to the user's telephone bill, 
and 

- send from the electronic wallet means an electronic money payment in response to 
30 the payment request from a merchant. 

The system according to the invention is characterized by that which is described in 
the characterizing part of the independent system claim. 

35 The method according to the invention is characterized by that which is described in 
the characterizing part of the independent method claim. 

The dependent claims describe further advantageous embodiments of the invention. 
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The present invention is based on the idea, that the use of electronic money is 
greatly simplified for a non-expert user, if the ISP takes care of the electronic 
money payments, and adds corresponding charges on the user's telephone bill or 
5 uses some other suitable way of obtaining a payment from the user. Such 

functionality requires the intervention of the ISP in the transmissions between a user 
and a third party, i.e. intercepting the electronic payment requests sent by a 
merchant. According to a preferable embodiment of the present invention, the ISP 
uses electronic money on behalf of the user, and charges the payments on the user's 

10 telephone bill. The ISP can take care of all technical details necessary for obtaining 
different forms of electronic money in a centralized manner, and ail users of the ISP 
can use the electronic money obtained by the ISP simply by allowing the ISP to add 
corresponding charges to their telephone bills. Further, the ISP can obtain all major 
forms of electronic money, whereafter a user can choose the most economical way 

1 5 of payment, if a merchant accepts payments in more than one form of electronic 
money. 

The system according to the present invention comprises an interception means, 
which examines the incoming data traffic. When the interception means notices that 

20 a transmission contains a request for payment with electronic money, it redirects the 
transmission to another means comprising the functionality necessary for the use of 
electronic money. After this, the system inspects the request, adds a corresponding 
amount to the user's telephone bill and continues with the payment according to the 
received request. The system according to the invention can further comprise means 

25 for controlling, and optionally initiating, the payments. For example, the user can set 
up an acceptance policy or accept or reject individual payments through a separate 
connection to a network address administered by the system according to the 
invention. 

30 BRIEF DESCRIPTION OF THE DRAWINGS 

Various embodiments of the invention will be described in detail below, by way of 
example only, with reference to the accompanying drawings, of which 

35 Figure 1 shows, how a user can connect to a network such as the Internet 
according to the prior art, 
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..JA8M?5^.._ Shows an example of a voice service provider system using an IN- 
compliant telephone exchange, 

Figure 3 shows a basic example of a system according to the invention, 

: Figure 4 shows another example of a system according to the invention. 

Figure 5 shows an embodiment of the invention, in which the interception means 
120 outputs the redirected traffic via the same output as the rest of the 
traffic^ 

Figure 6 shows an example, where the system according to the invention is 
implemented in a system connected to a mobile telephone network, 

Figure 7 shows an advantageous embodiment of the invention, where the 
interception means 120 is implemented within a proxy 118, and 

Figure 8 shows an example of a particular implementation of the system according 
to the invention. 

Figures 1 and 2 were described earlier in connection with the description of the state 
of the art; 

DESCRIPTION OF THE PREFERRED EMBODIMENTS 

Figure 3 shows a basic example of an advantageous embodiment of the invention. In 
this example, the user is in contact with a merchant 130 with his computer 100 and 
conventional modem 102 or ISDN adapter 103, through the conventional telephone 
network 108, local telephone exchange 104 of the conventional telephone network, 
the system 105 of the Internet service provider (ISP), and the network 1 16. The 
conventional telephone network may support ISDN connections as described here, 
for example, by having a telephone exchange 104 supporting [SDN connections. 
Any other known connecting methods and techniques may as well be used, for 
example, such as ADSL or HDSL connections. In the system according to the 
invention, the ISP system 105 additionally comprises an intercepting means 120. 
The intercepting means 120 redirects the payment requests originating from the 
network to the control unit 122 of the ISP system 105. When the user gives a 
request for a service or a merchandise, the merchant's 130 system responds with a 
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— Payment request. The intercepting means 1 20 redirects the request to the control 
unit 122, which sends conventional accounting signals corresponding to the 
payment via the SSP 106 to the user's local telephone exchange 104, where the 
corresponding sum is added to the user's telephone bill. After sending the 
5 accounting signals, the control unit 122 sends the electronic money to the merchant 
130 via the network 1 16, After receiving the electronic money, the merchant 130 
continues with producing the requested service or merchandise. 

The control unit may send the electronic money and other messages to the merchant 
10 via the intercepting means 120 as in the embodiment of Figure 3, or past the 
intercepting means, for example via a router included in the ISP system. 

The control unit may effect the debiting of the user's telephone account at any 
convenient stage in the payment procedure, not only in the beginning of the 
1 5 procedure. Naturally, it may be desirable for the ISP to effect the debiting at the 
latest before a point in the payment procedure after which the payment cannot be 
cancelled, if the debiting for some reason is not succesful. 

In one advantageous embodiment of the invention, the control unit 122 comprises in 
20 addition to the functionality needed for the use of electronic money, also the 
functionality of a conventional IN-compliant Service Control Point. 

In the embodiment of Figure 3, the electronic wallet means, i.e. the electronic 
money transaction means, is located in the control unit 122 or a similar functional 
25 entity. The wallet and its contents are taken care of by the ISP, which obtains more 
electronic money from a electronic money provider when necessary. The ISP can 
obtain all major forms of electronic money from major electronic money providers, 
whereafter the user does not need to take notice of which merchants require which ' 
kind of electronic money. 

30 

One important aspect of electronic money is the possibility for the user to accept or 
reject any given payment request. In the system according to invention, this can be 
implemented in several ways. One advantageous embodiment is shown in Fig. 4. 
The control unit 122 is connected to the router 1 14, and the user can form a 
35 connection to a payment control means 122a in the control unit 122. This payment 
control means 122a can be, for example, in the form of a World Wide Web (WWW) 
document at a certain network address, which is administered by the control unit 
122. The router 1 14 directs all communication from the user to this network address 
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directly to the. control unit. The user can open a connection to the network address 
of said payment control means in the same conventional way as to any other address 
in the network 1 16. The control unit 122 can recognize the user connecting to it via 
the network 1 16 based on the user's network address, since the control Unit 122 
5 knows the network addresses allocated for the users of the ISP system 105. Once the 
user has opened a connection to the said network address of the control unit 122, the 
control unit 122 can inform the user via the opened connection of an eventual^ 
incoming payment request and ask for confirmation. 

1 0 The payment control means and other control means described later in this 
application could be directly connected to the network 1 16. In that case, 
communication from the user to the control means would pass through at least a part 
of the network 1 16. However, such a configuration would be more vulnerable to 
outside attacks, since the important information determining the acceptance of 

1 5 payments would briefly flow outside the ISP system. The configuration shown in 
Figure 4 is more secure, since the communication between the user and the control 
means only takes place within the conventional telephone network and within the 
ISP system. 

20 As in the case of conventional electronic money, the user can adopt a default policy 
towards payment requests and instruct the ISP to treat incoming payment requests 
accordingly. The policy can include, for example, the options of 

- allowing payments under a certain limit, 

- allowing all payments until a certain cumulative amount has been reached in a 
25 given time period, 

- allowing all payments to a given merchant or a number of merchants, 

- forbidding all payments to a given merchant or a number of merchants, 

- any combinations of the previous, or 

- forbidding all payments. 

30 

The user can set up the policy with the ISP in many ways, for example, by making a 
separate agreement with the ISP. The ISP can as well set up a default policy, which 
the users agree on when starting to use the services of the ISP. In one advantageous 
embodiment of the invention, the control unit 122 comprises policy control means 
35 122b, and the user can control and adjust the payment acceptancy policy by 

connecting to the control unit 122 through the network as described above, and 
instructing the control unit 122 with the help of the said policy control means 122b. 
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„_ „The. control unit 122 can find out which user's policy information -to change by 
recognizing the user in the way described previously. 

A further aspect of electronic money, namely the voluntary sending of an amount of 
5 electronic money, can be implemented in a similar way. In one advantageous 
embodiment of the invention, the control unit 122 comprises payment sending 
means 122c, which the user can connect to at a certain network address as described 
previously. After connecting to the said payment sending means 122c, the user can 
instruct the payment sending means 122c to send an electronic payment to a desired 

10 network address. After receiving the instruction to send a payment, the payment 
sending means preferably first sends accounting signals to the user's exchange 104 
to add the amount to be sent to the user's telephone bill, after which the payment 
sending means 122c sends the instructed amount of electronic money to the desired 
address, indicating the user as the sender of the money. It is also possible that a user 

15 wishes to send an anonymous donation. Therefore, the payment sending means 122c 
preferably also comprises a control means allowing the user to instruct the payment 
sending means 122c hot to designate him nor any other person as the sender of the 
payment. The user may also use any of the known methods of hiding the identity of 
the sender of a message, for example by sending the payment via a special 

20 anonymous server. 

In some electronic money systems the user may need to initiate a payment 
procedure himself. In the system according to the invention the user can initiate the 
payment for example with the payment sending means 122c or other similar control 
25 means. 

In one advantageous embodiment of the invention, the payment control means 122a, 
policy control means 122b, payment sending means 122c, and any other control 
means described in this application are combined into one general control means, in 
30 order to allow the user to control all aspects of the electronic money with a single 
connection. Also any combinations of the control unit 122 and any control means 
described in this application are possible to implement. 

In a further advantageous embodiment of the invention, the system according to the 
35 invention provides for a further aspect of electronic monetary systems, namely 
receiving payments. In this embodiment, the system according to the invention 
receives and processes the payment in the way specified by the electronic monetary 
system in question. After receiving the payment the system transfers a 
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corresponding .amount of credit to the user. The transferring may proceed,fbr 
example^ in one of the following ways: 

- if the base network through which the user is connected to the ISP allows crediting 
the user's account, the system can credit that account; 

- the ISRrcan keep internal accounts for the users, in which case the payment is 
added to the account; or 

- the ISfecan initiate an automatic bank transfer to the bank account of the user, if 
the user-has informed the ISP of his bank and his bank account. 
Alternatively, the system according to the invention can employ any of the prior art 
methods of crediting an account, used for example in con junction with various 
service lines charging an extra fee above the normal call fee. Preferably, the system 
according to the invention can be instructed by a user to collect payments into an 
internal account until a specified minimum amount has been reached, before 
transferring the accumulated credit to the user. 

The control unit 122 can include details about each payment in the accounting 
information sent to the user's telephone exchange 104 to allow detailed itemization 
of paid goods and services on the user's telephone bill, if the base network 
containing the telephone exchange 104 supports detailed itemization of the 
telephone bill. This kind of reporting may also be accomplished through sending a 
separate information letter or e-mail to the user or using any other known means of 
informing a user. 

The requested payments might not be exact multiples of the charging unit of the 
telephone network, through which the user is connected to the ISP system 105. The 
requested payments may even be substantially smaller than conventional charging 
units, since many electronic monetary systems provide for very small payments 
called micropayments. The system according to the invention may comprise means 
for keeping accounts for sums below one charging unit, and wait until the total of 
payments exceeds one charging unit, before sending accounting signals to the user's 
local exchange for adding one charging unit to the user's telephone bill. The 
invention does not limit the charging practices of the ISP system in any way. The 
ISP can for example add a surcharge for every electronic payment made using the 
system according to the invention. 

In one advantageous embodiment of the invention, the ISP sends the user a separate 
invoice, instead of charging his telephone account. The ISP may collect a number of 
payments into an internal account, until a first predetermined sum has been reached, 
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after which the ISP sends an invoice. If a payment is larger .than.a.econd 

The ^ ^ SCnd an inV ° iCe COVerin ^ that I**-* payment 

The ISP may as well reqmre the user to deposit an amount before allowing the" er 

5 1Z TT m ° ney ° fthe ISP ' Le " ^ ~ before u S e. Nat ^.y 
5 any conventional invoicing methods may be used. 

The system according to invention can Use any electronic monetary system even 
credit card based monetary systems. The system can pay the merchant ^ the 
red,t cards issued to the ISP. after adding the corresponding sum to the 1 s 
10 elephone bill. The ISP can obtain all necessary electronic iLtificat o Spates 
and programs necessary for using a given type of credit card based electronic 
money, thus alleviating the burden from the users of the ISP. 

is by thc — * — <*> ** - « 

- the intercepting means 120 inspects every incoming data packet 

- if the data packet does not contain electronic money traffic, the data packet is 
forwarded in the normal way to the user, 

- if the data packet does contain electronic money traffic, the intercepting means Po 
20 directs ,t to the electronic money transaction means. 

The method of detecting electronic money traffic from other traffic may vary 
depending on the actual protocol used to transfer money. In the current electronic 
monetary systems the two main approaches for the transmission of e.ec^t money 
25 information are the following: '^ironic money 

pro«oco'r tr0niC ^ ' rafiiC " direC ' ed '° 0 Certai " PO " aCC ° rd "'« '° lhe TC ™- 
pro^o'r tr ° niC m ° ney inf ° rma,i0n " C ° ntained Special fl « lds <" «* HTTP 



30 



35 



Preferably, the system according to the invention is arranged to handle both types of 
electronic money information. For clarity, the cases 1) and 2) are discussed 
separately in the following paragraphs. <"scussed 

In the case that the electronic money traffic is directed to a certain TCP port the 
basic function of the intercepting means 120 of redirecting electronic monev' traffic 

r^rr 122 can be im ~ ,n — ■ ^ ~* = * - 
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la) The intercepting means 120 can redirect the electronic money containing 

packets to a different output than the rest of the traffic, as shown in Fig. 4. 
Ib) The intercepting means 120 can treat a packet containing electronic money as a 
piece of data and pack it into one or more IP packets addressed to the control unit 
5 122 and forward the new packets to the same output as the rest of the traffic, after 
which the router 1 14 of the ISP system 10$ switches the new packets to the control 
& unit 122. 

i lc) The intercepting means 120 can rewrite the packet, replacing the user's address 
with the address of the control unit 122 in the destination address field of the packet, 
10 and encoding the user's address in other fields of the packet or by adding a source 
routing option to allow the control unit 122 to recognize which user the packet was 
originally addressed to. After rewriting, the intercepting means 120 forwards the the 
rewritten packet to the same output as the rest of the traffic, whereafter the router 
1 14 of the ISP system 105 switches the new packets to the control unit 122. 

15 

& The configuration of the embodiment shown in Figure 5 is suitable for use with the 
tr said ways of implementation lb) and lc). In this embodiment, the intercepting 
means 120 effects the redirection of the packets by readdressing them to the control 
unit 122. The router 1 14 subsequently forwards all packets to their stated destination 
20 addresses, whereafter the redirected packets reach the control unit 122. 

The exact TCP port dedicated for electronic money traffic may vary depending on 
the electronic money provider. In this case, the intercepting means 120 can check, if 
the TCP port number in the destination port field of the packet corresponds to any of 
25 the port numbers in a predetermined set of port numbers. 

In one advantageous embodiment of the invention, the intercepting means 120 
redirects the electronic money traffic addressed to only some users, and passes 
through the electronic money traffic addressed to other users without redirection. In 

30 this embodiment, if the data packet contains electronic money traffic, the 

intercepting means 120 determines the destination of the packet. If the packet 
destination is not one of the uisers in a certain category, the packet is passed 
normally to the end user. In this embodiment, the users of the ISP can take care of 
the electronic money themselves in the manner known in the art, if they do not wish 

35 to pay for any services or merchanise on the telephone bill. Such an option would be 
useful, for instance, for the employees of a small company, who are using the 
company's account at the ISP to access the network, and who wish to pay 
themselves for the services or merchandise. The intercepting means can also redirect 
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payment requests, of certai n kinds of electronic money on ly v and pass-payment 
requests of other kinds of electronic money without redirection. These features can 
be preferably controlled by a control means similar to previously described control 
means 1 22a; 122b, and 122c. 

5 

The case 2) above, i.e. when the electronic money information is contained within 
additional fields of a HTTP request according to the HTTP protocol, is slightly more 
complicated. A HTTP request may be sent over a network in one or more 
transmission units such as TCP packets, depending on the size of the request and the 
10 size of a single transmission unit of the network. Therefore, the HTTP request may 
need to be reconstructed from the sent transmission units, before the intercepting 
means 120 can inspect, whether the request contains electronic money information 
or not. 



15 The HTTP protocol allows for transmission various data fields before payload data 
in a single transmission such as a HTTP request, The HTTP protocol itself defines 
and uses some fields, arid electronic monetary systems may define other fields. 

The electronic monetary systems may use at least the following formats in a single 
20 HTTP transmission: 

2a) the transmission only contains the electronic money information in one or more 
fields, 

2b) the transmission contains the electronic money information in one or more fields 
and as the payload data of the transmission, or 
25 2b) the transmission contains the electronic money information in one or more 
fields, and a document. 

In the cases 2a) and 2b) above, the transmission only contains electronic money 
information in various forms. In these cases, the intercepting means 120 redirects 
30 the transmission to the control unit 122, which can subsequently act as required by 
the electronic payment protocol in question and as described above in connection 
with the description of Figure 3. 

The case 2c) above is more complicated. As above, the intercepting means 120 
35 redirects the transmission to the control unit 122. In this case the control unit 122 
must decide, whether the user needs to receive the document contained as the 
payload data of the transmission. If the control unit 122 is able to determine that the 
user does not need to receive the document, the system can act as described above at 
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points 2 a) and. 2b),„ This determination is possible, if the electronic payment-protocol 
in question has standardized the content of such a document, and the control unit 
122 can verify that the document does not contain any new information for the user. 
For example, it may be a HTML document of a predetermined structure, containing 
5 a question about acceptance of the purchase and the definitions of a "Yes" arid a 
£Caricer button for the user to approve or to cancel the purchase. If the purchase is 
within the limits indicated by the user for automatic acceptance, the control unit 122 
does not need to present the question to the user. 

10 If the control unit 122 is unable to determine that the user does not need to receive 
the document, it must pass the HTTP request containing the document to the user. 
The control unit can accomplish this for example by sending the HTTP request back 
to the intercepting means 120, instructing the intercepting means 120 to send the 
HTTP request to the user. Alternatively, the system may comprise another means 

15 for adding such requests sent by the control unit to the data communication traffic 
directed to the user. In order not to invoke a payment procedure at the user's 
computer, the control unit 122 preferably removes the fields containing electronic 
money information from the HTTP request forwarded to the user or replaces them 
or their contents with an indication to the effect that the payment is already being 

20 taken care of. 

In a farther advantageous embodiment of the invention, the system according to the 
invention can prompt the user for the acceptance or denial of a payment by sending 
the user an electronic document, such as a HTML document, containing for example 

25 a question about acceptance of the purchase and the definitions of a "Yes 1 ' and a 
"Cancel" button for the user to approve or to cancel the purchase. Specifically, in 
the case 2c) described above, the control unit can replace the document sent by the 
merchant with a similar document specific of the ISP system before forwarding the 
HTTP request to the user. Of course, as described above, the control unit needs to 

30 determine first, if it is allowed to replace the original document. 

The HTTP 1 .0 protocol is defined in the standard RFC 1945 and is well known by 
the man skilled in the art. Therefore, the protocol is not described in this application. 
The exact fields and field names utilized by various electronic monetary systems 
35 may vary according to monetary system and electronic money provider in question, 
wherefore the exact fields and field names are not defined in this application. The 
system according to the invention can be arranged to act upon any given protocol 
for transmission of electronic payments. 
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In a further advantageous embodiment of the invention, the intercepting means 120 
redirects all HTTP traffic on the basis of the TCP port number reserved for the 
HTTP protocol. The system according to the invention can employ a two^level 
5 intercepting means scheme, in which the redirected HTTP traffic is interpreted and 
inspected by a second-level intercepting means, which directs HTTP transmissions 
containing electronic money information to the control unit 122, and forwards the 
rest of the HTTP traffic to the user. Alternatively, the first intercepting means 120 
can redirect all HTTP traffic directly to the control unit 122, which then interprets 
10 and inspects all HTTP transmissions. As previously, if any given HTTP 

transmission does not contain electronic money information, the transmission is 
forwarded to the user. If a HTTP transmission contains electronic money 
information, the transmission can be handled as described previously. 

15 In a further advantageous embodiment shown in Figure 7, the intercepting means 
120 and preferably also the functionality of the control unit 122 pertaining to 
electronic money are implemented in the proxy 1 18 of die ISP system. For example, 
the electronic wallet means 124 of the ISP system could be implemented in the 
proxy 118 instead of the control unit 122, as described previously. Also, the control 

20 means 122a, 122b and 122c and other control means pertaining to use of electronic 
money can be controlled by the proxy 1 18, in the embodiment of Figure 7. In this 
embodiment, the remaining functionality of the control unit 122 is very close to that 
of a conventional Service Control Point 1 10 of an IN-compliant telephone 
exchange. The proxy 1 18 can handle all details of the electronic money transactions, 

25 and the control unit 122 in addition to the conventional functions of a Service 
Control Point, only needs to be able to receive accounting information from the 
proxy 118 and return a confirmation of a succesful addition of a sum on the user's 
telephone bill. 

30 In conventional ISP systems, the use of the system's proxy is not mandatory for a 

user, and he can configure the programs in his computer not to use the proxy. In the 
embodiment of Figure 7, the user can control the usage of electronic money also by 
choosing whether to use the proxy 1 18 or not. Further, a large ISP may have more 
than one proxy to handle the traffic; in that case, the user may choose which proxy 

35 to use: one with electronic money functionality, or a conventional one without 

functionality supporting the use of electronic money. In the embodiment of Figure 
7, if the user does not use a proxy or uses a conventional proxy, the ISP does not 
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treat the electronic monsyjaffic for that user in any special way, whereafter .he 
user may use his own electronic money if he so wtshes. 

The intercepting means 120 can also be implemented, for example, in afirewall 
5 device- A firewall device is typically a computer running screening software. ^ 
tstaTed between a system and a network to protect the system from unwanted 
%£LH the nelork. One typical way of operation for a firewall devtce ,s to 
readdKSS all traffic originating from users of the system and all tncommg traffic 
Sta sed to users in .he sys.em, in order no. (0 reveal the true network address of 
0 he uL. Tha. is, in outgoing traffic the firewall replaces .he users address wuh a 
Bogus address and stores the user's address and .he bogus address m t.s memory . 
Conversely the firewall device replaces the bogus address given as the destmatton 
addre ^an incoming message with the real address of.hr .user. Th< . firewa,, 
usuallv blocks all incoming .raffic addressed to any other addresses. Such a 
, 5 Iddres ing means provides an advantageous starting poin. for implerrtentatton of 
rfntercepring means, which effects .he separation of electronic money traffic from 
1"*" ^ by readdressing the electronic money traffic as desenbed 

previously. 

,0 The inclusion of the electronic money functions in the control unit 122 in some of 
2 prev o",y described embodiments of the invention was presented as an example 
only The separation of.be electronic money functions from the control urn. 22 to 
a separate means sueh as a proxy 1 1 8 as in the previous example, or a separate 
eletZle money unit can be incorporated inany of the embodiments desenbed ,n 
25 this application. 

in a further advantageous embodiment, the system according to the invention can 
convert one form of electronic money to other forms of electron, money. For 
example, the user may have only one type of electronic money, m wh.ch case U 
deZbl that the ISP system would convert requests for payment mto requests of 
that type of electronic money, with which the user can pay. In such an embod.ment, 
the system according to the invention sends the user a conventual payment 
eque^ instead of sending accounting information to the conventional telephone 
network to charge his telephone bill. After receiving the payment from the user, the 
ISP system can respond to the original payment request in whatever type ot 
electronic money requested. 



30 
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The system accordingto the invention can FhhU^ u 

electronic n^. ,r. ^ ^T^^™"*"***^*** 
electronic pay m e„ ts independently of the SP heT '° * " Make 

made a special,ag_ With Jj£^ *" k «** - 

5 electronic money into their own computers!™ h f * d " W,,load 

downloaded money along with theiXho^iH , ',° W f °' ^ 

act as a conventional merchant as well tLul A " emat,Vel >'' a bank can 
electronic money, i.e. changes onese lf 1 C ° n,a0t " ba " k Whkl ' 

electronic money for a comm s ten X^lT ^ 
10 into his compuler, which he can hen use " 1* ° b ' ain etec "<* ™°«cy 

ISP. For example, me nser can dowTl^d ^ "* 0f 

into a smart card, and pay with Zs^rtr 1 ^ coa """" 

for tickets on the city Lsport etc """^ ^"tiena, shops, 

1= In the previous embodiments, the network I 16 can be h„, ■ 

Internet. The network 1 1 6 may be anv oth, , ? n °' l,m " ed to ' 

of a certain business sec(or , c, Led h t "IT ,' ' 7** ' — «* 

companies, no, individual pereons. " °"' y aCCeSSible '° 

20 

Service, Di gita , N „„ ork) Lpi^^^^* ' 
mventton can be used in conjunction wi,h omer ,3 ,, , * aCCOrdi " S '° ,he 
networks as we,,. ,„ one advantageous emooa 7^ L ^T"" 1 "** 
25 connected to the ISP system , 05 via a mobife [T'T " Xt ' S 

shown in Figure 6 . For fc J^^rST? " e,WOrk 20 °- SS 

laptop computer 1 00 and mobile telephone 202 v in 1 L f 105 Ws 
mobile telecommunications network 200 The ml f ^ '° n 2 °* ° f * e 
200 can be for example a GSM (Global Svl 7 ^o^icationa network 
30 DAMPS (Digital Advanced Mo U Phones " **, ^ or a 

can use a PDA device 206 (Person I DM«f 1 ' ne ' W ° rk ' Alte "»«vely, the user 
functions, or a similar toL7Z^£Z?? ^ <™™> 

embodiment shown i„ p igure 6 „ C^^^JT* IT"* ^ ^ 
serv,ce provider which also sell ISP LnA~ ™! m ° b,le ,ele i' llo " e 

35 networks are cable television „e ^~ «'~™>™ 
which would convert the cable TV network ""««««■"« have been made 

into a two-way telecommunications nework ' 0 " e " Way broad ^«"8 network 
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The previous embodiments... describe several functional entities, such as the 

intercepting means 120, the control unit 122, arid the electronic wallet means 124. 

These functional entities can be implemented in many different ways in one or more 
u physical pieces of equipment, arid the invention does not limit the form of 
5 - implementation of these entities. For example, the intercepting means 120 can be 
v implemented in the router 1 14, or a plurality of intercepting means 120 can be 
- implemented in the terminal servers 112. The intercepting means 120 and the 
£ control unit 122 can even be implemented in the same physical device. Further, if 

desired, the control unit 122 can be implemented with several sub-units in one or 
10 more physically separate devices. For example, the functionality of the control unit 

122 can be implemented as computer programs functioning in one or more 

computers. 

In the following paragraphs, a description of one exemplary embodiment of the 
15 . invention is presented with reference to Figure 8. 

sin this embodiment, the intercepting means 120 is implemented in a fast 
microcomputer running the NetBSD operating system. The microcomputer is 
equipped with local area network (LAN) interfaces for connection to the Internet, to 

20 the terminal servers 1 12 and to the control unit 112. The TCP level intercepting 

means is implemented by changing the operating system kernel routines handling IP 
packets. Namely, the ip_input() operating system function is modified to inspect all 
incoming TCP/IP packets. Those packets that include electronic money information, 
i.e. designate a port number reserved for an electronic monetary system, are 

25 redirected to the control unit 122 via the LAN interface. Packets containing HTTP 
traffic are directed to HTTP screening software 120' running in the same 
microcomputer. 

The HTTP screening and intercepting software 120*, which was in the description of 
30 one of the previous embodiments referenced to as a second-level intercepting 

means, receives all packets containing HTTP traffic from the modified operating 
system kernel. The HTTP screening and intercepting software 120' inspects the 
packets to determine, whether the packets contain electronic money information. If 
this cannot be determined from a single packet in the case of a HTTP transmission 
35 consisting of more than one packet, the HTTP screening and intercepting software 
120 1 can collect several packets before making the determination. If a HTTP 
transmission does not contain electronic money information, the transmission is 
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.o , e co„ trol meras , mplemented by the ,rr»r h rr rr;r Md 

authcnt.ca.ion software 122f and call database software 122g. ' 

The electronic wallet software 124 comprises functions enabling the software ,o 
s a Cent, ,e. buyer, in electronic money transactions. The „a, et softwaT 
preferably comprises specialized functions for handling different foZo7e.ee. • 
money, such as the E-cash and the credit card based SET pro ocl, Z. ^ 
walle, software handles the electronic ntoney transact Cage, 
he ,„tereep t ,„ E means ,20, ,20' and queries the transaction authoriZ ' oftTre 
tor accep,ance or denial of a transaction. After receiving an authorbT, on he 
electronic wallet software obtains the telephone call irtelir T f 

After recetvtng the ca,l identifier, the electronic money software ins Jucts Te S CP 

software to deb.t an amount of money on the user's telenh™,. , ~ 

to be debited is based on the eleetro jc -^^S^T^ am ° Un ' 

cred,t, or be refunded by adjusting the basic charging inten/al witZZ , k 
money,™^^ 

information in such a way in the transmission sent as a reply to th/n 

the user is identified as the sender of the transmission " ** 

The electronic wallet software . 24 preferably holds a sufficiently large sum of 
electronic money, and all necessary certificates and credit »„ rf A! ! 
necessary for using credit card based electronic Ton^LT ^ ^ 
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Transaction authorizMQSJAfiwars..l22e determines, whether a given transaction is * 
authorized or not. The transaction authorization software comprises the functions 
necessary for implementing the authorization policy options described previously in 
connection with description of Figure 3. 

5 

Preferably, the authorization software 122e also implements the payment control 
means !22a and policy control means 122b described previously. For that purpose, 
the authorization software administers one or more WWW documents, in the form 
of HTML forms using CGI scripts. The users can access these documents at a 

10 special network address, where the users can connect io in the same way as they 
would to any network address. The combined intercepting means and router 120 
routes HTTP requests addressed to that address and originated by the users of the 
ISP to the authorization software. If a user has opened a connection to the special 
network address and obtained the payment control form, the authorization software 

15 can inform the user of a new payment request by sending the user an update of the 
form. The authorization software can recognize and certify that the intended user 
confirms the right payment request or that a user changes his own payment policy 
• options, by checking the sender's IP address in the HTTP transmission sent by the 
user. 

20 

The SCP software 122h comprises the functions needed for an IN-compliant Service 
Control Point. One example of such software is the OSN SCP software of Systems 
Software Partners Ltd., Lappeenranta, Finland. For the embodiment of Figure 8, 
software providing a standard SCP functionality needs to be augmented with 
25 functions implementing the ability to communicate with the electronic wallet 
software 124. 

Whenever a new connection is opened through the SSP 106, the SCP software 122h 
stores information about the call to the call database 122g. This information can 
30 comprise a call identifier for future accounting functions and a line identification, 
that allows the user authentication software 122f to assign an IP number for that 
particular call. When a connection is closed, the SCP software 122h removes the 
information about the call from the call database 122g. 

35 The accounting function of the SCP software 122h is initiated by the electronic 
wallet software 124. When the SCP software 122h receives an accounting request 
from the electronic wallet software 124 indicating the amount of money to be 
charged and the call identifier, the SCP software 122h converts the amount into 
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charging units of the telephone network, and instructs the SSP 1 06 m r u 
actual charging. After the SSP indicates that the T to.petfontuhe 
sends an accounting repIy to the * e S^d^ ' ** 

accounting function has been performed. ' ,ndlcat »* that the 

The user authentication software 122f assisns an IP „„ m k * 
and stores this number along with line infoZt " ^ CaI, > 

the terminal server 1 12 receLs a Z nf ° rmm ° n mto the ca " database. Whenever 
~otheu^^^ 
3 includes a line identifier, allowing the use' 1 tr 

unique IP number to that line The IP nUmhe 1 ™ t0 ■»'*» an 

.the authentication reoue, ' 

Tn this embodiment, the call database softwir, i ->t 

the following information: 8 ma ' ntamS a database * tea* 

- telephone account identifier or a call .7W;fw • „ 

network billing, ""^ reqU ' red to P erfo ™ telephone 

- line identifier that identifies the terminal server used bv th, ,, 

logical line number within the terminal serv^and " ' " ™* " *" 

- the IP address assigned for the call. 

Several suitable database software oackaees ^ u. 

skilled in the art. 8 ^ aV3,lab,e to ^ k ™wn by the man 

The terminal servers of the embodiment in Figure 8 can he r 
MAX TNT terminal servers from Ascend CoZZZo^ Z "uT Th ^ 
servers can handle a large number of simultaneous cafis anH ter^llna, 
conventional and ISDN teleohone lin~ I ° d Ca " SUp P ort both 

^ SSP 106, me J^^ l ^^ * ~* e Ca " «*« from 
which returns an IP number to be ^ s ^^^^ ^ ™> 
gives the IP number to the user's compter throulh P " P ^ T ^ 
which the terminal server 1 12 start s .pass thTu TJItCwZP "~ 
terminated. cmp traf fic, until the call is 

The SSP 106 in the embodiment of Figure 8 can h* , 

Service Switching Point. conventional IN-compliant 



BNSDOCID: <WO 9826381 A 1_L> 



WO 98/26331 



21 



PeT/FI9 i 7/00786 



The networks specified in this ..application, such as the Internet and the conventional 
telephone network, are specified as examples only and do rtot limit the invention in 
any way. The invention can be used in atiy environment comprising a base network 
with an accounting function, and services or some forms of merchandise payable 
5 with electronic money. 

In the-previous embodiments, the ISP was given as an example of a suitable 
provider: of the service enabled by the present invention. However, the invention is 
not limited to use by Internet Service Providers. For example, a company having an 
1 0 own telephone exchange may provide the system according to the invention for the 
benefit of its employees or its various units, without the company being an ISP per 
se. 

Using the present invention, a user does not need to make separate agreements with 
1 5 electronic money providers, nor does the user need to obtain the electronic money 
before its use. The present invention alleviates the burden on the user by removing 
the need to learn how to obtain and use electronic money. A user does not need to 
obtain any special electronic money software in order to use electronic money. The 
user does not need any extra programs to use the invention, other than those needed 
20 to use the Internet or similar networks in the first place. The invention also removes 
the computational load placed on the user's computer by conventional electronic 
monetary system, since in the system according to the invention, computationally 
intensive operations of crypting electronic money information are performed in the 
computers of the ISP. The removal of the computational load is especially beneficial 
25 for the users of small PDA-type communication devices, whose computational 
capacity is often rather limited. 

The present invention can be used with essentially all electronic monetary systems. 
An ISP can obtain all major forms of electronic money, whereafter the users of the 
30 ISP have several different forms of electronic money at their easy disposal, resulting 
in a greater freedom of choice in their merchant selections and purchase decisions. 
Also, users can then choose the most cost effective way of payment, since different 
fees charged by electronic money providers may vary according to the form of 
electronic money and the particular electronic money provider. 

35 

In this application, the term conventional transaction means any conventional way 
of effecting a monetary transaction, for example such as adding debit or credit on a 
user's telephone account, sending a separate invoice, transferring funds by bank 
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transfer, or changing the balance on the user's internal account at the ISP for later 
invoicing or crediting. ww-uuer 
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Claims ... 



1 . An electronic payment transaction system in a node joining a first tele- 
5 communications network and a second telecommunications network 

characterized in that the system comprises an electronic payment intercepting 
means (120), which is arranged to redirect at least a part of electronic money 
transaction messages arriving from the first telecommunications network and 
addressed to users in the second telecommunications network to an electronic wallet 
1 0 means ( 1 24), which electronic wallet means ( 1 24) is arranged to convert electronic 
money transaction messages into conventional transactions. 

2. A system according to Claim 1 , characterized in that the system is arranged 
to send accounting signals to the second telecommunications network to change the 

1 5 balance of the user's account with a sum corresponding to a received electronic 
money payment request addressed to the user. 

3. A system according to Claim 1 or 2, characterized in that said electronic 
wallet means (124) is arranged to send an electronic money payment into the first 

20 telecommunications network in response to a payment request. 

4. A system according to Claim 1 , 2, or 3, characterized in that said electronic 
wallet means (124) is arranged to collect more than one transaction of a user on an 
account internal to the system, before effecting a transaction between the system 

25 and the user. 

5. A system according to Claim 1 , characterized in that the first telecommuni- 
cations network is a TCP/IP network. 

30 6. A system according to Claim 5, characterized in that the first telecommuni- 
cations network is the Internet network. 

7. A system according to Claim 1, characterized in that the second telecom- 
munications network is a conventional PSTN telephone network. 

35 

8. A system according to Claim 1 , characterized in that the second telecom- 
munications network is arranged to support ISDN connections. 
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9- A system according to Claim 1, characterized in thnt 

™» K « , . celIular mobile telTC :r»- :tr„ri ,elecom - : - 

transaction requests. ° a,IOW 2 USer to c ™*™ or decline 

II 



A s y stem ^cording to Claim 1 . characterized in am »i 

£ m ir^t:^:r nic momy ****** * 

- receiving a electronic money transaction request from a first „t 

networa addressed to a user in a second ^^Z^™™'™ 

- transformmg me eiectronic transaction rcqU es, to . eonve^ts action. 

A method according to Claim 12, characterized in ih-it tt* 
additional* comprises the step of sending aceoun ng lgna " „ 
te.ecommunica.ions network to change the balance of *™ of T • a 
sum corresponding to the teauested transaction, as a ■o.^^l^T W " h 

-commnL .mSirr"' 

transaction, and if the user has not aumor^dTet^ , aUth ° riKd 
denying the transaction in response to ££££££ ' ' ^ 
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